| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1195660319.759.50.camel@moss-spartans.epoch.ncsc.mil> Date: Wed, 21 Nov 2007 10:51:59 -0500 From: Stephen Smalley <sds@...ho.nsa.gov> To: "Serge E. Hallyn" <serue@...ibm.com> Cc: linux-kernel@...r.kernel.org, casey@...aufler-ca.com, chrisw@...s-sol.org, darwish.07@...il.com, jmorris@...ei.org, method@...icmethod.com, morgan@...nel.org, paul.moore@...com Subject: Re: + smack-version-11c-simplified-mandatory-access-control-kernel.patch added to -mm tree On Wed, 2007-11-21 at 09:48 -0600, Serge E. Hallyn wrote: > Quoting akpm@...ux-foundation.org (akpm@...ux-foundation.org): > > +/* > > + * There are not enough CAP bits available to make this > > + * real, so Casey borrowed the capability that looks to > > + * him like it has the best balance of similarity amd > > + * low use. > > + */ > > +#define CAP_MAC_OVERRIDE CAP_LINUX_IMMUTABLE > > Hey Casey, > > note that 64-bit capabilities are now in -mm, so you could grab your own > capability. Which brings up an interesting question - what to do with security-module-specific capabilities? CAP_MAC_OVERRIDE is specific to Smack - other MAC modules like SELinux won't honor it. Maybe it should be CAP_SMACK_OVERRIDE. -- Stephen Smalley National Security Agency - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists